GLSA-200412-12 : Adobe Acrobat Reader: Buffer overflow vulnerability

This script is Copyright (C) 2004-2015 Tenable Network Security, Inc.


Synopsis :

The remote Gentoo host is missing one or more security-related
patches.

Description :

The remote host is affected by the vulnerability described in GLSA-200412-12
(Adobe Acrobat Reader: Buffer overflow vulnerability)

A buffer overflow has been discovered in the email processing of
Adobe Acrobat Reader. This flaw exists in the mailListIsPdf function,
which checks if the input file is an email message containing a PDF
file.

Impact :

A remote attacker could send the victim a specially crafted email
and PDF attachment, which would trigger the buffer overflow and
possibly lead to the execution of arbitrary code with the permissions
of the user running Adobe Acrobat Reader.

Workaround :

There is no known workaround at this time.

See also :

http://www.adobe.com/support/techdocs/331153.html
https://security.gentoo.org/glsa/200412-12

Solution :

All Adobe Acrobat Reader users should upgrade to the latest
version:
# emerge --sync
# emerge --ask --oneshot --verbose '>=app-text/acroread-5.10'

Risk factor :

Critical / CVSS Base Score : 10.0
(CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C)

Family: Gentoo Local Security Checks

Nessus Plugin ID: 15993 (gentoo_GLSA-200412-12.nasl)

Bugtraq ID:

CVE ID: CVE-2004-1152

Ready to Scan Unlimited IPs & Run Compliance Checks?

Upgrade to Nessus Professional today!

Buy Now

Combine the Power of Nessus with the Ease of Cloud

Start your free Nessus Cloud trial now!

Begin Free Trial